BreachExchange mailing list archives
U.K. scientists build weapon to combat phishing, password theft
From: Lee J <lee () riskbasedsecurity com>
Date: Sat, 24 Aug 2013 09:37:37 +1000
http://www.upi.com/Science_News/2013/08/23/UK-scientists-build-weapon-to-combat-phishing-password-theft/UPI-99461377293275 LONDON, Aug. 23 (UPI) -- Researchers at a British university say they've developed technology to help protect people from "phishing" cyberattacks and online password theft. In phishing attacks, criminals lure people to fake websites that look like real ones and encourage them to enter their log-in details, including passwords and sometimes personal and financial information. Computer scientists from Royal Holloway University in London say they've devised a system named Uni-IDM that will enable people to create electronic identity cards for each website they access. The virtual identity cards are then securely stored, allowing owners to simply click on the card when they want to log back in, safe in the knowledge that the data will only be sent to the authentic website, a university release reported Friday. "We have known for a long time that the user name and password system is problematic and very insecure, proving a headache for even the largest websites," researcher Chris Mitchell of the university's Information Security Group said. "LinkedIn was hacked, and over 6 million stolen user passwords were then posted on a website used by Russian cyber criminals; Facebook admitted in 2011 that 600,000 of its user accounts were being compromised every single day. "Despite this," Mitchell said, "user name and password remains the dominant technology, and while large corporations have been able to employ more secure methods, attempts to provide homes with similar protection have been unsuccessful, except in a few cases such as online banking." The researchers said Uni-IDM is designed as a solution for people who will need to access the growing number government services going online, such as tax and benefits claims, with many of those people having little experience using the Internet. "The hope is that our technology will finally make it possible to provide more sophisticated technology to protect all Internet users," Mitchell said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- U.K. scientists build weapon to combat phishing, password theft Lee J (Aug 26)